Regular Expression Denial of Service (ReDoS)
Overview: @apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. It is the successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer...
Information Disclosure
apollo-server-express is vulnerable to information disclosure. The vulnerability exists because ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Exposure
Overview: Versions of apollo-server-express prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, including the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...
@3wks/gae-node-nestjs (>=0.1.3 <=5.2.0-rc3), @abyssaljs/plugin-graphql (>=0.1.1 <=0.5.0) +402 more potentially affected by unknown CVE via apollo-server-express (>=1.0.5 <=2.14.1)
apollo-server-express NPM version =1.0.5, =0.1.3, =0.1.1, =0.7.2-dev.409.01ecc9f.0, =0.7.2-dev.409.01ecc9f.0, =2018.8.28-0, =0.0.1, =0.1.0-alpha.10a87555, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0-latest.5b715197, =2.1.0, =5.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-X...